Today we are going to expose some live Google Vulnerabilities which are not under bug bounty program.
1. XSS On Google Vulnerability Submission Page:
https://www.google.com/appserve/security-bugs/new?rl=%3Cscript%3Ealert%281%29%3C%2Fscript%3E
Above script gives XSS on Google vulnerability submit page.. isn't it funny.. :P
2. XSS on Google Translate Page
When we reported about the above code then we got reply by Google.
"Cross-site scripting vulnerabilities in “sandbox” domains. We maintain a number of domains that leverage the same-origin policy to safely isolate certain types of untrusted content; the most prominent example of this is "*.googleusercontent.com". Unless an impact on sensitive user data can be demonstrated, we do not consider the ability to execute JavaScript in that domain to be a bug."
3. Redirect URL
http://www.google.com/search?source=hackersonlineclub.com&hl=www.hackersonlineclub.com&q=www.hackersonlineclub.com&btnG=www.hackersonlineclub.com&btnI=www.hackersonlineclub.com
http://www.google.com/search?btnI&q=allinurl:http://www.hackersonlineclub.com/
"URL redirection. We recognize that the address bar is the only reliable security indicator in modern browsers; consequently, we hold that the usability and security benefits of a small number of well-designed and closely monitored redirectors outweigh their true risks."
-> The first point is an Easter egg. when you will try below script
https://www.google.com/appserve/security-bugs/new?rl=<script>alert(document.cookie)</script>
then the page will redirect to
http://allrecipes.com/Recipe/Beths-Spicy-Oatmeal-Raisin-Cookies/Detail.aspx
-> The second one is on a sandbox domain *.googleusercontent.com
-> Redirect URL all recognized & monitored by Google.
So all above scripts code are not under bug bounty program of Google.
1. XSS On Google Vulnerability Submission Page:
https://www.google.com/appserve/security-bugs/new?rl=%3Cscript%3Ealert%281%29%3C%2Fscript%3E
Above script gives XSS on Google vulnerability submit page.. isn't it funny.. :P
2. XSS on Google Translate Page
When we reported about the above code then we got reply by Google.
"Cross-site scripting vulnerabilities in “sandbox” domains. We maintain a number of domains that leverage the same-origin policy to safely isolate certain types of untrusted content; the most prominent example of this is "*.googleusercontent.com". Unless an impact on sensitive user data can be demonstrated, we do not consider the ability to execute JavaScript in that domain to be a bug."
3. Redirect URL
http://www.google.com/search?source=hackersonlineclub.com&hl=www.hackersonlineclub.com&q=www.hackersonlineclub.com&btnG=www.hackersonlineclub.com&btnI=www.hackersonlineclub.com
http://www.google.com/search?btnI&q=allinurl:http://www.hackersonlineclub.com/
"URL redirection. We recognize that the address bar is the only reliable security indicator in modern browsers; consequently, we hold that the usability and security benefits of a small number of well-designed and closely monitored redirectors outweigh their true risks."
-> The first point is an Easter egg. when you will try below script
https://www.google.com/appserve/security-bugs/new?rl=<script>alert(document.cookie)</script>
then the page will redirect to
http://allrecipes.com/Recipe/Beths-Spicy-Oatmeal-Raisin-Cookies/Detail.aspx
-> The second one is on a sandbox domain *.googleusercontent.com
-> Redirect URL all recognized & monitored by Google.
So all above scripts code are not under bug bounty program of Google.